akkiliON Posted October 6, 2021

Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild.

"A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root," the open-source project maintainers noted in an advisory published Tuesday. "If files outside of the document root are not protected by 'require all denied' these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts."

The flaw, tracked as CVE-2021-41773, affects only Apache HTTP server version 2.4.49. Ash Daulton and cPanel Security Team have been credited with discovering and reporting the issue on September 29, 2021.

(Image source: PT SWARM)

Also resolved by Apache is a null pointer dereference vulnerability observed during processing of HTTP/2 requests (CVE-2021-41524), allowing an adversary to perform a denial-of-service (DoS) attack on the server. The non-profit corporation said the weakness was introduced in version 2.4.49.

Apache users are strongly recommended to patch as soon as possible to contain the path traversal vulnerability and mitigate any risk associated with active exploitation of the flaw.

https://securityaffairs.co/wordpress/122999/hacking/apache-zero-day-flaw.html
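The post describes the bug class without showing it: a path-normalization step that collapses dot segments before percent-decoding lets an encoded traversal sequence survive normalization and map outside the document root, and the advisory's 'require all denied' remark is the access-control layer that decides whether such a mapping is actually served. The following is an added, simplified illustration written for this thread; it is not Apache's code and does not claim to reproduce the exact 2.4.49 logic. The document root, request paths, function names and the `root_denied` flag are all assumptions chosen for the demonstration.

```python
"""Path mapping done in the wrong order, beside a hardened version.

Added illustration (not Apache httpd code). The flawed resolver collapses
dot segments on the still-encoded URL path and only then percent-decodes,
so "%2e%2e" is not recognised as ".." until it is too late. The hardened
resolver decodes first, resolves against the document root, and refuses
any result that escapes it.
"""
import posixpath
from urllib.parse import unquote

DOCROOT = "/var/www/html"  # assumed document root for the example


def _inside_docroot(fs_path: str, docroot: str = DOCROOT) -> bool:
    """True if fs_path is the document root or lies beneath it."""
    return fs_path == docroot or fs_path.startswith(docroot + "/")


def flawed_map(url_path: str, docroot: str = DOCROOT) -> str:
    """Wrong order: normalize the raw path, then decode it.

    A literal "/../" is removed by normpath, but an encoded "%2e%2e" segment
    is just an ordinary directory name at this point and is kept. After
    decoding it becomes "..", and the filesystem layer honours it.
    """
    normalized = posixpath.normpath(url_path)
    decoded = unquote(normalized)
    # The OS resolves the remaining ".." segments against the docroot.
    return posixpath.normpath(docroot + decoded)


def hardened_map(url_path: str, docroot: str = DOCROOT):
    """Right order: decode first, resolve, then check containment.

    Returns the filesystem path, or None when the request would escape the
    document root (the caller should answer 403 in that case).
    """
    decoded = unquote(url_path)
    target = posixpath.normpath(posixpath.join(docroot, decoded.lstrip("/")))
    if not _inside_docroot(target, docroot):
        return None
    return target


def flawed_server_decision(url_path: str, root_denied: bool):
    """Flawed mapping followed by a simulated access check.

    root_denied stands in for a 'Require all denied' rule on the filesystem
    root: with it, a mapping outside the docroot is refused even though the
    normalization is broken; without it, the file outside the docroot is
    served, which is the disclosure the advisory warns about.
    """
    fs_path = flawed_map(url_path)
    if _inside_docroot(fs_path):
        return ("serve", fs_path)
    if root_denied:
        return ("forbidden", fs_path)
    return ("serve", fs_path)


if __name__ == "__main__":
    # Constructed request paths, not captured traffic.
    encoded = "/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
    literal = "/../../../etc/passwd"
    print("flawed, literal  :", flawed_map(literal))
    print("flawed, encoded  :", flawed_map(encoded))
    print("hardened, encoded:", hardened_map(encoded))
    print("deny-all on /    :", flawed_server_decision(encoded, root_denied=True))
    print("no deny-all      :", flawed_server_decision(encoded, root_denied=False))
```

The two takeaways match the advisory text: the order of decoding and normalization is what makes the encoded variant escape while the literal one stays inside the docroot, and a deny-by-default rule outside the document root turns the same broken mapping into a 403 instead of a file read.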
Nytro Posted October 6, 2021

Interesting bug. RST is not vulnerable; we are older and run an older version.
aelius Posted October 6, 2021

Quoting Nytro (1 hour ago): "Interesting bug. RST is not vulnerable; we are older and run an older version."

What I wonder is why Apache and not nginx? (convenience?) tag scumbag @Zatarra :)))))
Zatarra Posted October 7, 2021

Quoting aelius (9 hours ago): "What I wonder is why Apache and not nginx? (convenience?) tag scumbag @Zatarra :)))))"

What a hater. Why not :)). Anyway, Nytro is the boss of the platforms, but at our age be glad we can still type.
Nytro Posted October 7, 2021

Yes, when @Zatarra sells his car he will put in the ad: "Driven by a little old man to the data center and back."